Technical White Paper for IPv6 Dual Stack + NAT Solution

painlososos
Software and s/w Development

Jun 30, 2012 (5 years and 3 months ago)

Technical White Paper for IPv6 Dual Stack + NAT Solution

Issue 1.0

Date 2011-11-30





HUAWEI TECHNOLOGIES CO., LTD.


Issue 1.0 (2011-11-30)    Huawei Proprietary and Confidential    Copyright © Huawei Technologies Co., Ltd.


Copyright © Huawei Technologies Co., Ltd. 2011. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.

All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice

The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.







Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base, Bantian, Longgang, Shenzhen 518129, People's Republic of China
Website: http://www.huawei.com
Email: support@huawei.com






Contents

1 Preface
2 Introduction to the Solution
3 Key Technologies
  3.1 Dual Stack
  3.2 NAT
    3.2.1 Basic Principles of the NAT
    3.2.2 CGN Deployment
  3.3 Address Allocation
  3.4 DNS
  3.5 RADIUS
4 Typical Application
5 Conclusion
A References
B Acronyms and Abbreviations




Figures

Figure 2-1 Conceptual diagram of DS+NAT solution
Figure 3-2 IPv4/IPv6 dual-stack structure diagram
Figure 3-3 Basic principles of the NAT
Figure 3-4 Basic principles of the NAPT
Figure 3-5 Centralized deployment of CGNs attached beside the CRs
Figure 3-6 CGN distributed networking scenarios
Figure 4-1 Application of IPv6 Dual Stack+NAT solution




Tables

Table 3-1 Comparison of CGN networking solutions
Table 3-2 Comparison and analysis of DHCPv6 and ND address allocation




Technical White Paper for IPv6 Dual Stack + NAT Solution

Keywords

IPv6 transition technology, DS (Dual Stack), NAT, CGN, DNS, RADIUS

Summary

At present, many IP network carriers are confronted with IPv4 address exhaustion. The industry generally acknowledges that evolution to IPv6 is an effective solution to this problem. This document introduces the Dual Stack + NAT solution. With the deployment of dual stack on terminal devices and network nodes and with the upgrade of the DNS and RADIUS service systems to support IPv6 extension, the Dual Stack + NAT solution enables IPv6 communication capabilities and the coexistence and interworking of IPv4 and IPv6 networks. With the deployment of the carrier-grade NAT (CGN), the solution resolves IPv4 address exhaustion and ensures the continuous development of IPv4 services on the live network. With mature technologies, this solution is the ideal choice for global carriers that plan to deploy IPv6.



1 Preface

On February 3, 2011, the Internet Assigned Numbers Authority (IANA) announced that the last batch of IPv4 address resources had been allocated. The industry generally acknowledges that evolution to IPv6 is an effective solution to the problem of IPv4 address exhaustion.

The length of the IPv6 address is 128 bits, and the number of IPv6 addresses far exceeds the number of IPv4 addresses. In addition, IPv6 reduces packet processing overheads, improves network extensibility, and enhances security. As an IPv4 packet header is not compatible with an IPv6 packet header, network equipment and host devices must be upgraded to support IPv6. Given the large number of network devices on a live IPv4 network, the cost of upgrading and replacing NEs is huge and the process is lengthy. Currently, most Internet applications are based on IPv4, and only a few IPv6 applications are available.

Therefore, the industry has unanimously decided to introduce IPv6 over the long term against the backdrop of IPv4/IPv6 coexistence. Carriers need to introduce and deploy IPv6 networks as soon as possible, and resolve the problems that will arise from coexistence and public IPv4 address exhaustion to ensure the continuity of existing services.

Installing IPv4 and IPv6 protocol stacks on terminal devices and network nodes represents the optimal path for seamlessly and cost-effectively deploying an IPv6 network on an existing IPv4 network, ensuring the coexistence of the two and enabling interworking. To achieve this, dual stacks (DSs) can implement information interworking between IPv4 and IPv6 nodes.



As IPv4 addresses must be allocated to dual-stack devices, dual-stack or IPv6 deployment does not resolve the problem of IPv4 address exhaustion on a live network before complete evolution to IPv6.

When public IPv4 address resources are insufficient, private IPv4 addresses provide access for users when coupled with network address translation (NAT) for mapping between a few public IPv4 addresses and many users' private IPv4 addresses. NAT technology can mitigate IPv4 address exhaustion to some extent and is widely used at present.

The combination of dual stack and NAT technology (DS+NAT) resolves the IPv4 address exhaustion problem, and also supports the smooth upgrade of the existing network to support IPv6. This is the optimum choice for carriers to deploy IPv6.



2 Introduction to the Solution

Figure 2-1 shows the implementation principles of the dual stack + NAT solution.

• The user terminal (such as PC, routing CPE) needs to be upgraded to support dual stack (no upgrade is required for the bridge CPE), and needs to be simultaneously configured with an IPv4 address and IPv6 address. The user terminal accesses an IPv4 network with IPv4 addresses and accesses an IPv6 network with IPv6 addresses.

• IPv6 packets are transparently transmitted at layer 2 between the CPE and BRAS. In PPPoE access mode, a PPPoE tunnel is established between the user terminal and the BRAS, and intermediate nodes are unaware of the IPv6 packets. In IPoE access mode, intermediate nodes must be upgraded to be aware of IPv6 packets and to support light-weight DHCPv6 relay (LDRA).

• Dual stack needs to be enabled for the BRAS and layer 3 equipment on the MAN. Nodes have IPv4 and IPv6 addresses, support dual stack, and provide IPv4 and IPv6 routing and forwarding capabilities.

• When public IPv4 addresses are insufficient, user hosts are allocated private IPv4 addresses. NAT44 translation is carried out on the operator side. Carrier-grade NAT (CGN) translation capability is provided (NAT444 refers to two NAT44 translation operations. The other NAT44 translation is carried out on the CPE side).

• Existing service models remain the same. The user authentication, authorization, and charging mechanisms remain the same except for the new IPv6 address attributes.



Figure 2-1 Conceptual diagram of DS+NAT solution

[Figure: PC, CPE, DSLAM/FTTx (L2 network), BRAS and CGN. Labels: IPv4/IPv6 dual stack; L2 transparent transmission; supporting some IPv6 feature; PPPoE; IPoE; NAT44; IPv4; IPv6.]



3 Key Technologies

To implement the Dual Stack + NAT solution, the following key technologies are required:

• User equipment and network equipment must support IPv4/IPv6 dual stack.

• Carrier-grade NAT.

• The BRAS must support address allocation and management for dual-stack users.

• The DNS and RADIUS service systems must be upgraded to support IPv6 addresses.

3.1 Dual Stack

As defined in RFC4213, dual stack refers to installing IPv4 and IPv6 protocol stacks on terminal devices and network nodes to implement information interworking with IPv4 nodes and IPv6 nodes separately. Nodes configured with IPv4/IPv6 dual stack are called dual-stack nodes, as shown in Figure 3-2. These nodes can send and receive IPv4 and IPv6 packets. They can interwork with IPv4 nodes through the IPv4 protocol, and interwork with IPv6 nodes through the IPv6 protocol.

Figure 3-2 IPv4/IPv6 dual-stack structure diagram

[Figure: layered stack, top to bottom: IPv4 applications and IPv6 applications; Socket API; TCP/UDP v4 and TCP/UDP v6; IPv4 and IPv6; data link layer; physical layer.]



The interface of the device configured as dual stack can have one IPv4 address, or one IPv6 address, or both. The router contains two independent routing tables: one is for IPv4 addressing, the other for IPv6 addressing. The two tables reside on the same router.

When a dual-stack node receives a data segment at the link layer, the node unpacks the data segment and checks the packet header. If the value of the first field in the IPv4/IPv6 packet is 4, this packet is processed by the IPv4 protocol stack. If the value is 6, this packet is processed by the IPv6 protocol stack.

To support IPv6 route-learning, the dual-stack router must run IPv6-compliant routing protocols at the same time. If OSPF is deployed on the live network, adding OSPFv3 will support IPv6. If ISIS is deployed on the live network, deploying ISIS multi-topology supports the learning of IPv6 routes. BGP4+ is supported. IPv6 route advertisement is supported by configuring and enabling the IPv6 address family, and the IPv6 route reflection function is supported by upgrading the RR (if necessary).

Dual-stack architecture allows equipment to receive, process, and forward IPv4/IPv6 traffic. This architecture supports network equipment (routers) with IPv4/IPv6 dual stack, has two logically coexisting networks, and supports smooth transition to IPv6.

The dual stack mechanism is the most direct way to enable IPv6 nodes to be compatible with IPv4 nodes, provides good interworking capability, and is easy to understand. However, dual stack does not resolve the IPv4 address exhaustion problem. Therefore, NAT technology is required.

3.2 NAT

Network address translation (NAT) is increasingly used to resolve the problem of insufficient public IPv4 addresses. When a host with a private IP address needs to access the Internet, the NAT device on the edge of the network translates the source address in the IP packet into a public IP address. The NAT device translates the destination IP address in an IP packet returned from the Internet into a private IP address, and forwards this IP packet to the private network. By mapping between a few public IP addresses and many private IP addresses, NAT technology can alleviate IPv4 address exhaustion to some extent.

3.2.1 Basic Principles of the NAT

There are two ways to implement NAT:





NAT

The NAT technology only translates IP addresses and does not process port numbers. For implementation details, refer to Figure 3-3.

• The NAT device receives packets sent by private network users to access the public network.

• The NAT device selects an unused public IP address from the address pool and creates a NAT entry.

• The NAT device identifies the NAT entry according to the source private IP address, and translates and forwards packets to the public network based on the search result.

• The NAT device receives the echo packet on the public network side, looks up the reverse NAT entry based on the destination IP address, translates the packet based on the result, and sends this packet to the private network.

Figure 3-3 Basic principles of the NAT

[Figure: private host 10.1.1.200, a NAT device with the address group 162.105.178.65, 162.105.178.66, 162.105.178.67, 162.105.178.68, ..., and public host 211.100.7.34. The outbound packet 10.1.1.200 -> 211.100.7.34 leaves the NAT device as 162.105.178.65 -> 211.100.7.34; the returning packet 211.100.7.34 -> 162.105.178.65 is delivered as 211.100.7.34 -> 10.1.1.200.]

NAT Table
Direction | Before NAT | After NAT
outbound | 10.1.1.200 | 162.105.178.65
inbound | 162.105.178.65 | 10.1.1.200




NAPT

To apply NAT technology, each private IP address needs a public IP address, which wastes public IP addresses. Therefore, network address and port translation (NAPT) technology is adopted in actual scenarios. When the NAT device translates addresses, the device translates addresses and port numbers in IP packets. For details, refer to Figure 3-4.



Figure 3-4 Basic principles of the NAPT

[Figure: private hosts 10.1.1.200 and 10.1.1.110, a NAT device with the address group 162.105.178.65, 162.105.178.66, 162.105.178.67, 162.105.178.68, ..., and public host 211.100.7.34. The outbound packet 10.1.1.200:1025 -> 211.100.7.34:80 leaves the NAT device as 162.105.178.65:16384 -> 211.100.7.34:80, and 10.1.1.110:1028 -> 211.100.7.34:80 leaves as 162.105.178.65:16400 -> 211.100.7.34:80. The returning packets 211.100.7.34:80 -> 162.105.178.65:16384 and 211.100.7.34:80 -> 162.105.178.65:16400 are delivered as 211.100.7.34:80 -> 10.1.1.200:1025 and 211.100.7.34:80 -> 10.1.1.110:1028.]

NAT Table
Direction | Before NAT | After NAT
outbound | 10.1.1.200:1025 | 162.105.178.65:16384
inbound | 162.105.178.65:16384 | 10.1.1.200:1025
outbound | 10.1.1.110:1028 | 162.105.178.65:16400
inbound | 162.105.178.65:16400 | 10.1.1.110:1028




• The NAT device receives packets sent by private network users to access the public network.

• If a private network user starts a new outbound connection, the NAT device selects an idle public IP address and a port number, and creates a NAT entry.

• According to the source private IP address, the destination IP address, the source port number, and the destination port number, the NAT device finds the NAPT entry, translates the packet based on the result, and forwards the packet to the public network.

• The NAT device receives the echo packet on the public network side, looks up the reverse NAPT entry based on the destination IP address, translates the packet based on the result, and sends this packet to the private network.

By translating both the IP address and port number, NAPT makes full use of IPv4 address resources and enables more hosts on the internal network to access the Internet.
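
The NAPT steps above, run over the two flows of Figure 3-4, as an added Python example that is not part of the original white paper. The class and function names, the 16-port block per private address (chosen so that the translated ports match the figure's 16384 and 16400), the mapping keyed on protocol, source address and source port only, and the block log used for user source tracing are assumptions; the paper does not state an allocation or logging policy.

```python
import ipaddress

BLOCK = 16           # ports reserved per private address (assumed policy)
FIRST_PORT = 16384   # first translated port, as it appears in Figure 3-4


class Napt:
    """Minimal NAPT: per-subscriber port blocks plus a log for source tracing."""

    def __init__(self, pool):
        self.pool = [str(ipaddress.IPv4Address(a)) for a in pool]
        self.blocks = {}    # private ip -> (public ip, first port of its block)
        self.forward = {}   # (proto, private ip, port) -> (public ip, port)
        self.reverse = {}   # (proto, public ip, port) -> (private ip, port)
        self.log = []       # one record per block assignment

    def _block_for(self, private_ip, now):
        if private_ip not in self.blocks:
            index = len(self.blocks)
            per_ip = (65536 - FIRST_PORT) // BLOCK
            if index >= per_ip * len(self.pool):
                raise RuntimeError("address group exhausted")
            public_ip = self.pool[index // per_ip]
            first = FIRST_PORT + (index % per_ip) * BLOCK
            self.blocks[private_ip] = (public_ip, first)
            self.log.append({"time": now, "private": private_ip,
                             "public": public_ip,
                             "ports": (first, first + BLOCK - 1)})
        return self.blocks[private_ip]

    def outbound(self, proto, src, dst, now):
        """Private -> public: create the entry if needed, rewrite the source."""
        key = (proto, *src)
        if key not in self.forward:
            public_ip, first = self._block_for(src[0], now)
            for port in range(first, first + BLOCK):
                if (proto, public_ip, port) not in self.reverse:
                    break
            else:
                raise RuntimeError("port block of %s exhausted" % src[0])
            self.forward[key] = (public_ip, port)
            self.reverse[(proto, public_ip, port)] = src
        return self.forward[key], dst

    def inbound(self, proto, src, dst):
        """Public -> private: reverse lookup; None means no entry, so drop."""
        private = self.reverse.get((proto, *dst))
        return None if private is None else (src, private)

    def trace(self, public_ip, public_port, when):
        """Source tracing: who held this public address and port at `when`?"""
        hits = [r for r in self.log
                if r["public"] == public_ip
                and r["ports"][0] <= public_port <= r["ports"][1]
                and r["time"] <= when]
        return hits[-1]["private"] if hits else None


def demo():
    # Addresses and ports are the ones shown in Figure 3-4; times are constructed.
    nat = Napt(["162.105.178.65", "162.105.178.66",
                "162.105.178.67", "162.105.178.68"])
    server = ("211.100.7.34", 80)
    a = nat.outbound("tcp", ("10.1.1.200", 1025), server, now=1000)
    b = nat.outbound("tcp", ("10.1.1.110", 1028), server, now=1005)
    reply = nat.inbound("tcp", server, a[0])
    stray = nat.inbound("tcp", server, ("162.105.178.65", 16390))
    who = nat.trace("162.105.178.65", 16400, when=2000)
    return a, b, reply, stray, who


if __name__ == "__main__":
    print(demo())
```

Entries are never aged out here; a deployed device would expire idle sessions and log block release as well as assignment.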

NAT Traversal

NAT technology effectively resolves the problem of IP address exhaustion, but causes address translation problems:





• Some application layer protocols (such as SIP) negotiate the port number between the client and the server. Therefore, creation of a NAT entry is based on the result of packet negotiation.

• The payload part of some TCP/UDP applications (end-to-end applications such as multimedia session, file sharing, and games) contains the private IP address or port information.

One solution is for the application to fill in its own address in the payload and for the NAT to change it into the external NAT address. Therefore, the NAT device must be capable of resolving specific application protocols by using the application layer gateway (ALG). The ALG function detects payloads and transforms special application protocols to ensure that applications operate normally in the NAT environment and require no special user configurations. The limitations of the ALG solution are that the NAT needs to be upgraded for every new application and that the ALG causes security problems. As the ALG cannot recognize encrypted packets, packets are transmitted in plain text, which is risky over a public network.

The other solution is for the application to obtain the corresponding external NAT address in advance, and fill in the external NAT address in the UDP payload. Therefore, the payload content does not need to be modified by the NAT; examples are the simple traversal of UDP through network address translators (STUN) and traversal using relay NAT (TURN) protocols.

3.2.2 CGN Deployment

The essence of the carrier-grade NAT (CGN) solution is that the NAT deployed on the operator network and the NAT on the user side form two-level NAT (NAT444) and three address spaces. The address spaces include the private IP address on the user side, the private IP address on the operator side, and the public IP address. The CGN possesses high capacity, reliability, and performance.

At present, stand-alone CGN and plug-in CGN are available. A stand-alone CGN is attached beside or directly to other network devices, while a plug-in CGN is inserted into a device on the live network as a board.

The CGN can be deployed in two modes: centralized deployment mode at the egress of the MAN or distributed deployment on the edge service access point (SAP) plane on the MAN.



Centralized Deployment of CGNs

The CGNs are deployed at the egress of the metropolitan backbone network in centralized mode. CGNs are attached beside the CRs as independent devices, as shown in Figure 3-5.

Figure 3-5 Centralized deployment of CGNs attached beside the CRs



Distributed Deployment of CGNs

CGNs are distributed at the SAP on the MAN edge, as shown in Figure 3-6. CGN modes and networking diagrams are divided into the following scenarios:

• Plug-in BRAS

• Independent device attached directly to the BRAS

• Independent device attached beside the BRAS

Figure 3-6 CGN distributed networking scenarios

[Figure: three panels (Plug-in BRAS; Attached directly to the BRAS; Attached beside the BRAS), each showing CR, BRAS and CGN nodes.]



Comparison of CGN Networking Solutions

Table 3-1 Comparison of CGN networking solutions

Item | Centralized CGN Deployment | Distributed CGN Deployment
Deployment position | Deployed at the egress of metropolitan backbone network in centralized mode. | Deployed at the SAP on the MAN edge in distributed mode.
Deployment mode | Independent device attached to the CR. | BRAS plug-in mode.
Deployment difficulty | Enables new devices to be centrally deployed and is easily implemented; the number of devices increases or decreases with subsequent user traffic fluctuations. | No need to add new devices; multi-point deployment is needed in the early stage; installation and maintenance are complex.
Networking solution | User private IP addresses need to be advertised to the MAN. The private IP address and route on the MAN need to be re-planned and networking is complicated. | User private IP addresses are not advertised to the MAN. The architecture of the MAN does not change and the solution is simple.
Traffic | Local traffic in the same city is directed to and processed by the MAN core router and CGN. CR traffic is heavy and the CGN is likely to create bottlenecks. | As the architecture of the MAN remains the same, the traffic model does not change. Forwarding efficiency is high and requirements for performance are low.
Reliability | The CGN maintains many sessions. The requirement on reliability is high. A single point of failure has a large scope of impact and can easily become an attack point. | The CGN maintains a few sessions and a single point of failure has a small scope of impact. Distributed deployment spreads the risk of being attacked.
Deployment value | Lower total cost; centralized control is easy. | Delayering and distributed architecture conforms to long term development trends.
Effect on application layer | NAT user source tracing and ALG control at the core are difficult and not conducive to the deployment of new applications. | NAT user source tracing and ALG control on the edge are easier.


Deployment of the CGN by plug-in BRAS is recommended for the following reasons:

• Network structure and traffic model remain the same.

• User private IP address planning and metropolitan routing management are simple.

• User policy control and source tracing are easy.



3.3 Address Allocation

In dual stack access, both IPv4 and IPv6 addresses must be allocated to users.

In PPPoE access mode, the IPCP protocol completes IPv4 address negotiation and delivers IPv4 addresses to the gateway and DNS server. In IPoE access mode, the allocation of IPv4 addresses occurs only in stateful mode (DHCPv4).

In the IPv6 scenario, IPv6CP only negotiates the interface ID (Interface-ID, which forms the link-local address with FE80::) and the IPv6 compression protocol. The IPv6 address and DNS configuration information are obtained by stateless address autoconfiguration or stateful address autoconfiguration. The IPv6 gateway is obtained according to the source IPv6 address (link-local address) in the NDRA packet.

• Stateless address autoconfiguration: Used to configure the link-local addresses and other non-link-local addresses by exchanging router solicitation and router advertisement messages with neighboring routers. In a narrow sense, address configuration with the ND protocol is stateless. NDRA allocates the 64 bit prefix, and the last 64 bit interface ID is generated by the host itself.

• Stateful address autoconfiguration: The non-link-local address is configured with configuration protocols such as DHCP. In a narrow sense, address configuration with DHCPv6 is stateful.

Table 3-2 Comparison and analysis of DHCPv6 and ND address allocation

Compare | DHCP | ND
Address management | Stateful. The server stores information on allocation and release of user addresses or prefixes. | Stateless. The server does not store information on user address allocation.
Deployment value | Supports allocation of 128-bit addresses and different-length prefixes; forms the mainstream solution and has good extensibility. | Allocates only 64-bit prefixes, with poor extensibility.
Realization difficulty | Complex; high requirement for devices and requires support for extension protocols such as DHCPv6 and DHCPv6-PD. | Realization is easier and has lower requirements for devices. ND is supported by all IPv6 devices.
Performance | Built in the device or deployed by a high-performance server. | Built in the device; not suitable for supporting large capacity users.
Security | Application layer protocol; good security. | ICMPv6 protocol; poor security.

If the M flag is set to 0 and the other configuration information flag O is set to 1 during the interaction of RS and RA packets of the ND protocol, the client needs to use stateless DHCPv6 to obtain other configuration information except for the address. If the router sets the address configuration flag M in the RA packet to 1, the client needs to use stateful address configuration to obtain the address and other configuration information.
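
How a client reads the M and O flags described above, as an added Python example that is not part of the original white paper. The field layout follows the ICMPv6 Router Advertisement format of RFC 4861; the function names, the sample prefix 2001:db8:1:: and the constructed RA bytes are assumptions made for illustration.

```python
import ipaddress
import struct

RA_TYPE = 134                  # ICMPv6 type of a Router Advertisement
OPT_PREFIX_INFO = 3            # Prefix Information option
FLAG_M, FLAG_O = 0x80, 0x40    # managed / other-config bits of the RA flags octet
FLAG_A = 0x40                  # autonomous (stateless) bit of a prefix option

STATEFUL = "stateful DHCPv6 for the address and other configuration"
STATELESS_DHCP = "ND prefix for the address, stateless DHCPv6 for the rest"
ND_ONLY = "ND prefix only"


def parse_ra(icmp):
    """Parse an RA starting at the ICMPv6 Type octet; reject malformed input.

    The checksum is not verified because it needs the IPv6 pseudo-header.
    """
    if len(icmp) < 16:
        raise ValueError("RA shorter than its 16-byte fixed part")
    typ, code, _cksum, _hops, flags, lifetime = struct.unpack_from("!BBHBBH", icmp)
    if typ != RA_TYPE or code != 0:
        raise ValueError("not a Router Advertisement")
    ra = {"M": bool(flags & FLAG_M), "O": bool(flags & FLAG_O),
          "router_lifetime": lifetime, "prefixes": []}
    pos = 16
    while pos < len(icmp):
        if pos + 2 > len(icmp):
            raise ValueError("truncated option header")
        opt_type, opt_len = icmp[pos], icmp[pos + 1] * 8   # length in 8-byte units
        if opt_len == 0 or pos + opt_len > len(icmp):
            raise ValueError("bad option length")
        if opt_type == OPT_PREFIX_INFO:
            if opt_len != 32 or icmp[pos + 2] > 128:
                raise ValueError("bad Prefix Information option")
            if icmp[pos + 3] & FLAG_A:
                prefix = ipaddress.IPv6Address(icmp[pos + 16:pos + 32])
                ra["prefixes"].append(f"{prefix}/{icmp[pos + 2]}")
        pos += opt_len
    return ra


def address_plan(ra):
    """Map the M/O flags to the configuration method described in the text."""
    if ra["M"]:
        return STATEFUL
    if ra["O"]:
        return STATELESS_DHCP
    return ND_ONLY


def build_ra(m, o, prefix="2001:db8:1::", prefix_len=64):
    """Constructed sample RA with one on-link, autonomous prefix (checksum 0)."""
    flags = (FLAG_M if m else 0) | (FLAG_O if o else 0)
    fixed = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, flags, 1800, 0, 0)
    option = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, prefix_len,
                         0x80 | FLAG_A, 2592000, 604800, 0)
    return fixed + option + ipaddress.IPv6Address(prefix).packed


def demo():
    return [address_plan(parse_ra(build_ra(m, o)))
            for m, o in ((False, True), (True, True), (False, False))]


if __name__ == "__main__":
    for line in demo():
        print(line)
```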

The DHCP stateful address allocation can allocate 128 bit addresses and prefixes of different lengths, with good extensibility. Therefore, DHCPv6 is often used.

• The DHCPv6 protocol allocates addresses through the IA_NA option (carrying IA Address).

• The DHCPv6 protocol allocates the prefixes through the IA_PD option (carrying IA Prefix).

• In CPE routing mode, the DHCPv6 packet carries IA_NA and IA_PD options at the same time. Therefore, addresses and prefixes are allocated in one session.

3.4 DNS

IPv6 Extension of the DNS

The domain name system (DNS) is a distributed database used for TCP/IP applications. DNS translates between host names and IP addresses. In the transition from IPv4 to IPv6, the DNS service, as the basic architecture of the Internet, needs to be upgraded to support IPv6.

The architectures of IPv6 DNS and IPv4 DNS are the same. They adopt tree domain spaces, and IPv4 and IPv6 share a uniform domain space. The domain name supporting dual stack corresponds to several IPv4 and IPv6 addresses at the same time.

RFC3596 (DNS Extensions to Support IP Version 6) defines the extended support of the DNS protocol for IPv6:

• Adding AAAA resource records (TYPE=28) for IPv6 address storage.

• Adding special domains to support IPv6 address resolution. The root is IP6.ARPA.





• Adding the processing of both IPv4 and IPv6 addresses in the current query mechanism.

For the dual stack IPv6 transition solution, both A and AAAA (or A6) records exist in the DNS server at the same time. As the node can process IPv4 and IPv6 protocols, translation devices such as the DNS ALG are not required. The DNS server can answer A records and AAAA records.

Acquiring of IPv6 Address by the DNS Server

The DNS server obtains the IPv6 address in different ways, such as using ND RA packets and DHCPv6 packets. As the current Windows operating system does not support RFC6106 (DNS Server is carried in the ND RA packet), the DNS server can obtain the configuration information through DHCPv6 only.



3.5 RADIUS

IPv6 Extension of the RADIUS

The RADIUS server performs user access authentication, authorization and accounting. To support IPv6 RADIUS, which is the next RADIUS version (RFC3162: RADIUS and IPv6), the following RADIUS attributes supporting IPv6 are added: the IPv6 address, the prefix attribute, the active/standby DNS attribute of IPv6, and so on. New attributes are currently being added with the development of the IPv6 protocol.

The RADIUS server can be installed on the IPv4 network or the IPv6 network. On different networks, only the encapsulation and transmission of packets between the BRAS and RADIUS are different; the format and content are the same.

Authentication and Accounting for Dual-Stack Users

During access of dual-stack users, the BRAS that complies with RFC 3162 (RADIUS and IPv6) serves as the RADIUS client to perform authentication, authorization and accounting with the RADIUS server. The BRAS sends the user name and password to the RADIUS server enabled by IPv4 or IPv6 or both. At the same time, the BRAS delivers all RADIUS attributes to the RADIUS server through Accounting-Request during accounting.

Real-time accounting is usually adopted for dual-stack users. When a user is online, the ME60 periodically generates accounting packets and sends the packets to the remote accounting server. Real-time accounting minimizes bill errors when the link fails, and maximizes the precision of charging information.



Dual-stack user accounting uniformly sends the charging start packet after completing the allocation of an address or prefix, and sends real-time charging packets to notify the RADIUS server to update the IP information when a subsequent address or prefix changes or is allocated.

Calculation of the online duration starts when the first address is obtained, and stops when the user goes offline.

IPv4 and IPv6 traffic of the dual-stack user can be charged uniformly or separately.
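The accounting flow described above, as an added example (not code from the white paper or from Huawei): a Python sketch of how an accounting server could walk the attributes of an Accounting-Request for a dual-stack user and validate the IPv6 prefix before updating the session's IP information. The attribute type codes are taken from RFC 2865, RFC 2866 and RFC 3162 rather than from this paper; the function names and the sample attribute bytes are constructed for illustration.

```python
import ipaddress
import struct

# Attribute type codes (RFC 2865/2866 and RFC 3162), not listed in the white paper
FRAMED_IP_ADDRESS, ACCT_STATUS_TYPE, FRAMED_IPV6_PREFIX = 8, 40, 97
STATUS = {1: "Start", 2: "Stop", 3: "Interim-Update"}

def decode_ipv6_prefix(value: bytes) -> ipaddress.IPv6Network:
    """Validate a Framed-IPv6-Prefix value: reserved, prefix length, prefix."""
    if not 2 <= len(value) <= 18:
        raise ValueError("Framed-IPv6-Prefix length out of range")
    plen, prefix = value[1], value[2:]  # value[0] is the reserved octet
    if plen > 128 or len(prefix) * 8 < plen:
        raise ValueError("prefix length inconsistent with prefix field")
    # strict=True rejects bits set beyond the declared prefix length
    return ipaddress.IPv6Network((prefix.ljust(16, b"\x00"), plen), strict=True)

def parse_attributes(data: bytes):
    """Walk type-length-value attributes, rejecting malformed lengths."""
    off, out = 0, []
    while off < len(data):
        if off + 2 > len(data):
            raise ValueError("truncated attribute header")
        atype, alen = data[off], data[off + 1]
        if alen < 2 or off + alen > len(data):
            raise ValueError("attribute length out of bounds")
        out.append((atype, data[off + 2:off + alen]))
        off += alen
    return out

def summarize_accounting(data: bytes) -> dict:
    """Extract the dual-stack session view from Accounting-Request attributes."""
    info = {"status": None, "ipv4": None, "ipv6_prefixes": []}
    for atype, value in parse_attributes(data):
        if atype == ACCT_STATUS_TYPE and len(value) == 4:
            info["status"] = STATUS.get(struct.unpack("!I", value)[0], "Other")
        elif atype == FRAMED_IP_ADDRESS and len(value) == 4:
            info["ipv4"] = str(ipaddress.IPv4Address(value))
        elif atype == FRAMED_IPV6_PREFIX:
            info["ipv6_prefixes"].append(str(decode_ipv6_prefix(value)))
    return info

def attr(atype: int, value: bytes) -> bytes:
    return bytes([atype, len(value) + 2]) + value

# Constructed sample: real-time update sent after the IPv6 prefix was allocated
SAMPLE = (attr(ACCT_STATUS_TYPE, struct.pack("!I", 3))
          + attr(FRAMED_IP_ADDRESS, ipaddress.IPv4Address("192.0.2.2").packed)
          + attr(FRAMED_IPV6_PREFIX, b"\x00\x40" + bytes.fromhex("20010db800010001")))
```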

4 Typical Application

The Dual Stack+NAT solution is a mature technology and can resolve the problems of large-scale IPv6 access and IPv4 address exhaustion. Currently, most operators around the world, including China Telecom, NTT, BT, and Telefonica, tend to choose this solution. Figure 4-1 shows a typical case of the dual-stack solution adopted by an operator to deploy IPv6:

MAN and backbone network: Upgrade software to support IPv6.

Service control layer: Upgrade software of the BRAS (such as the Huawei ME60) on the MAN to support mass access of dual-stack broadband users. The CGN is deployed by plugging in the BRAS.

Access layer: Upgrade all layer 2 devices (PON, DSLAM, LAN, and WLAN) on the access network to support the transparent transmission of IPv6 for dual-stack user access.

Figure 4-1 Application of IPv6 Dual Stack+NAT solution

[Figure labels: IPv6 backbone, IPv4 backbone, ME60, CGN, HG, dual stack metro network (IPv4/IPv6); example addresses 129.0.0.1, 192.168.0.2, 2001:0:1:1::2]
5 Conclusion

By deploying the dual stack on terminal devices and network nodes and by upgrading the DNS and RADIUS service systems to support IPv6 extension, the Dual Stack+NAT solution enables IPv6 communication capabilities and coexistence and interworking of IPv4 and IPv6 networks. Deploying the CGN resolves IPv4 address exhaustion and ensures the continuous development of IPv4 services on the live network. With mature technologies, this solution is the best choice for many global operators seeking to deploy IPv6.

As a global leading telecommunication solution provider, Huawei provides end-to-end IPv6 solutions for operators to build manageable and future-proof IPv6 networks. In addition, the Huawei CGN device supports high-capacity session tables and line rate processing, board-level or device-level backup and load balancing, and different deployment modes such as stand-alone and plug-in modes. The CGN plug-in mode (plugging into the BRAS) integrates the BNG and CGN functions into one device, implements manageable and controllable NAT resources, and achieves user-based precision policy control. In this way, the solution delivers carrier-class address and NAT resources allocation.

A References

1. RFC4213: Basic Transition Mechanisms for IPv6 Hosts and Routers
2. RFC4141: A Model of IPv6/IPv4 Dual Stack Internet Access Service
3. RFC4861: Neighbor Discovery for IP version 6 (IPv6)
4. RFC5072: IP Version 6 over PPP
5. RFC3315: Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
6. RFC3162: RADIUS and IPv6
7. RFC3596: DNS Extensions to Support IP Version 6
8. RFC3633: IPv6 Prefix Options for Dynamic Host Configuration Protocol (DHCP) version 6
9. RFC3646: DNS Configuration options for Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
10. RFC6106: IPv6 Router Advertisement Option for DNS Configuration
11. RFC4862: IPv6 Stateless Address Autoconfiguration
12. RFC3736: Stateless Dynamic Host Configuration Protocol (DHCP) Service for IPv6
13. RFC6221: Lightweight DHCPv6 Relay Agent
14. RFC4787: NAT Behavioral Requirements for Unicast UDP
15. RFC5382: NAT Behavioral Requirements for TCP
16. RFC5508: NAT Behavioral Requirements for ICMP
17. draft-ietf-behave-lsn-requirements-01
18. draft-donley-nat444-impacts-01
19. RFC6204: Basic Requirements for IPv6 Customer Edge Routers

B Acronyms and Abbreviations

Acronym and Abbreviation    Full Name
ALG                         Application Layer Gateway
BNG                         Broadband Network Gateway
BRAS                        Broadband Remote Access Server
CGN                         Carrier Grade NAT
CPE                         Customer Premises Equipment
DHCP                        Dynamic Host Configuration Protocol
DHCPv6                      Dynamic Host Configuration Protocol for IPv6
DNS                         Domain Name System
DS                          Dual Stack
LDRA                        Lightweight DHCPv6 Relay Agent
NAPT                        Network Address and Port Translation
NAT                         Network Address Translation
ND                          Neighbor Discovery
RADIUS                      Remote Authentication Dial-In User Service
SIP                         Session Initiation Protocol
STUN                        Simple Traversal of UDP Through Network Address Translators
TURN                        Traversal Using Relay NAT